Using the driver "\??\%Program Files%\Movies App\SafetyNut\configmgrc2.cfg", the Backdoor controls operations on the system registry by installing a registry notifier. The Backdoor installs the following kernel-mode hooks:

ZwOpenProcess ZwOpenThread

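Using the driver "\??\%Program Files%\Movies App\SafetyNut\configmgrc2.cfg", the Backdoor attaches its filter-device object to the Volume Device Object (VDO) of the file system driver.

The strings listed below appear to be SQL statement templates and error messages from the SQLite library (for example `sqlite_rename_table` and `sqlite_stat1`), which suggests that the sample embeds SQLite. Because any program that bundles SQLite contains the same strings, they are not, on their own, specific to this Backdoor.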

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

view %s may not be altered

table %s may not be altered

-- TRIGGER %s

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %s.sqlite_sequence WHERE name=%Q

use DROP VIEW to delete view %s

use DROP TABLE to delete table %s

table %s may not be dropped

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

view %s may not be altered

table %s may not be altered

-- TRIGGER %s

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %s.sqlite_sequence WHERE name=%Q

use DROP VIEW to delete view %s

use DROP TABLE to delete table %s

table %s may not be dropped

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

view %s may not be altered

table %s may not be altered

-- TRIGGER %s

DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

DELETE FROM %s.sqlite_sequence WHERE name=%Q

use DROP VIEW to delete view %s

use DROP TABLE to delete table %s

table %s may not be dropped

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers